"Sweetpacks" hijacking browser

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by fixerH, Jul 4, 2013.

  1. fixerH

    fixerH Private E-2

    My browser has been hijacked on my computer. When I click on Google Chrome or Firefox, I am taken to this page: http://start.sweetpacks.com/?barid={20CE9071-E45F-11E2-B64A-001DBAEDB043}&src=10&crg=3.5000006.10045&st=23 Going into my programs and deleting Sweetpacks makes no difference. It keeps coming back.

    I'm attaching the logs that I received from following the steps in the Malware Removal Guide. How do I get rid of this nasty bug?
     


  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Rescan with Hitman and have it delete Potential Unwanted Programs.

    Now rescan again and attach fresh log from doing so.

    Run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this.

    Let us know of any problems you may have encountered with the above instructions and also let me know how things are running now!
     
  3. fixerH

    fixerH Private E-2

    As I was downloading Hitman Pro onto my computer, my browser opened up and it was to this page: aspca.we-care.com/wecarereminderintro
    This one also popped up: thankyoupage.com/quickShare/quickShare-thank-you.html I went ahead and ran Hitman twice per the instructions. I'm attaching the results of the second run through and the new MGlogs.zip. “Sweetpacks Search” is still coming up when I click on my browser instead of my homepage. Other than that, my computer seems to be running pretty well, but I still have not been able to get rid of this malware.
     


    Last edited by a moderator: Jul 4, 2013
  4. fixerH

    fixerH Private E-2

    Also, certain programs keep coming back into my "All Programs." ASPCA Reminder by We-Care.com, InfoSeeker by Big Water Applications, LLC and Quick Share Linkury Inc. keep coming back even though I deleted them all yesterday. And, after a restart, it is taking longer to open files than it probably should be for a computer with this much RAM and processing power.
     
  5. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Please download Junkware Removal Tool to your desktop.
    • Please save the work in your browsers before proceeding.
    • Double-click JRT.exe to run (Vista/7 right-click and select Run as Administrator)
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Please attach JRT.txt to your next message. (See: HOW TO: Attach Items To Your Post)
     
  6. fixerH

    fixerH Private E-2

    Thank you Kestrel. I think that may have done the trick.
     

    Attached Files:

    • JRT.txt (4.9 KB)
  7. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Most welcome. :)

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this.
     
  8. fixerH

    fixerH Private E-2

    Actually, my computer has been running slow. Clicking on some icons like the C Drive has taken a long time to open ...
     


  9. fixerH

    fixerH Private E-2

    I just right-clicked on the MGlogs.zip file on my desktop. I was attempting to move it from the Desktop to the C drive. But before I could do so my computer blue screened on me and then went to black screen which gave me an option to Start Windows Normally which I did. Also, as mentioned before, it seems to be stalling.
     
  10. fixerH

    fixerH Private E-2

    Also, my computer has just frozen up on me twice. It did it while I was in Performance Options. I checked "Let Windows choose what's best for my computer" and it froze up on me. I manually turned the computer off, waited ten seconds and rebooted it. Then, I tried to check the box in Performance Options again and my computer froze up a second time. Additionally, Windows Explorer has crashed on me several times in the past few days.
     
  11. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    You need to use MSCONFIG to put this machine back into normal start up. Any other mode is primarily used for troubleshooting and diagnostic purposes.

    Rerun Hitman and attach the log.
     
  12. fixerH

    fixerH Private E-2

    I've right clicked info on two different websites today and tried to copy it the first time into Word and the second time into Excel. My computer Blue Screened on me both times and then went to the Black Screen where I selected "Start Windows Normally." And, Hitman couldn't find anything wrong.
     


  13. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hitman finds this according to the log!
    You need to have Hitman delete it. Will it let you?
     
  14. fixerH

    fixerH Private E-2

    Hi Kestrel. I deleted the two problems per your suggestion with Hitman, but Windows Explorer is still crashing on me when I try to change the performance settings ...
     
  15. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Then as long as when you rescan with Hitman, it does not find anything else, you can follow final steps below and ask about any outstanding issues in the software forum.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix. (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required.
      • "%userprofile%\Desktop\combofix" /uninstall
        • Note: The space between the combofix" and the /uninstall must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work thru the below link:
     
